For the purposes of the EU General Data Protection Regulation (2016/679) and the United Kingdom (UK) equivalent retained under the European Union (Withdrawal) Act 2018 (collectively the “GDPR”), the data controller of your personal information is Ordway Labs, Inc. with a registered address at 1707 L Street NW, Suite 850, Washington, DC 20036, USA. We can be contacted at email@example.com.
- What personal information about you is collected by us.
- What we do with the personal information we collect, and our legal bases for this.
- How long we will retain personal information about you.
- How we may share personal information about you and who we may share it with.
- Your rights in relation to our collection and use of your personal information.
- How you can contact us for more details.
What information do we collect?
We have set out below some examples of common categories of personal information that we may collect.
Personal information collected from the customer.
We collect personal information if you contact us through our website, for example to request additional information from us. This information may include:
- Your name;
- Your company information;
- Your mailing address;
- Your e-mail address and phone number; and
- Information about the device used to contact us, including your IP address.
Personal information may also include any other information you choose to provide to us in your communication.
If you engage us to provide services to you, we may request and you may provide the following information (through the Website, during the provision of our services or through other communication methods):
- First and last name;
- Company information;
- Mailing address;
- E-mail address;
- IP Address;
- Phone Number;
- Customer information;
- Product information;
- Pricing, plan/tier, term, and billing information;
- Payment information; and
- Other information requested or provided through our services.
Personal information collected automatically.
Once information is collected, how is it used?
Use of Information
Generally, we use the personal information you provide us to provide the services for which such data was collected. You are not obliged to provide us with personal information, although if you do not provide us with the information that we require, we may be unable to enter into a contract with you, or perform services under such a contract.
We will only process personal information where we have a valid legal basis for doing so. Accordingly, we may use you or your customers’ personal information for a number of reasons including but not limited to the following:
Where using your personal information is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract, for example:
- to provide you with access to our services;
- for service administration purposes, which means that we may contact you for reasons related to the service you have signed up for (e.g. to provide you with password reminders or to notify you regarding a particular service);
- to contact you about a submission you have made to the website, including any content you provide; and/or
- to issue invoices, administer accounts, collect and process payments for you and your customers.
Where using personal information is necessary for the purposes of our legitimate interests (or those of a third party) except where such interests are overridden by the data subjects’ fundamental rights and freedoms, for example:
- To provide your employees or customers with access to our services and for contacting your employees or customers for service administration purposes;
- where you are an existing individual customer who has chosen not to opt-out of direct marketing, or an employee of a business customer, we may use your personal information to send you e-mails, e-newsletters, personalized offers or other communications about our services;
- to identify the number of visits to the Website (including via IP address logging) from different locations and also to block disruptive use for you and your customers;
- to disclose specific information upon governmental request, to enforce our policies, or to protect our or others’ rights, property, or safety;
- to analyze and improve the services we offer; and/or
- to stop disruptive or abusive behavior by our users (e.g. the posting or transmission of offensive, inappropriate or objectionable content on the Website or to us).
On rare occasions it may be necessary for us to process your personal information in order to comply with a legal obligation, for example, in response to a court order or when otherwise required by law.
We may also process your personal information for other purposes where we have your express consent to do so.
We do not anticipate that we will routinely process special categories of personal data. However, where such processing does occur, we shall ensure that we have an additional legal basis for such processing, as required by the GDPR. By sending us any messages that include special category personal data, you are providing your express consent for us to process such data. Such consent can be withdrawn at any time. Please contact us for more information.
How long do we keep your personal information for?
We will keep your personal information for no longer than is necessary for the purpose for which it was originally collected. We may, however, retain and further use your personal information as necessary to comply with our legal obligations, to resolve disputes and enforce our rights, or if it is not technically and reasonably feasible to remove such personal information from our databases and systems.
Who do we share your personal information with?
We may share your personal information with companies assisting in fraud protection or investigation. We do not provide information to these agencies or companies for their marketing or commercial purposes. We may also share your personal information with other third parties, for example in the following circumstances:
Within our organizations and with Our Service Providers
We may share information we collect from all points of contact within our organization, including with our affiliated companies. The information you give us and information about you may be combined with other personally identifiable information available from our records and other sources. We may also share information with our service providers operating on our behalf to provide services to our customers (including but not limited to: third party payment processors, hosting providers, IT service providers, etc.).
On a Sale, Merger or other Fundamental Transaction
Should Ordway choose to sell or transfer business assets, or to otherwise engage in a merger, reorganization or other fundamental transaction, Ordway reserves the right to transfer any or all of the information we possess as part of that fundamental transaction or as part of any due diligence process and Ordway may, at its option, retain a copy of all information transferred.
Aside from the sharing set forth above, we will not share your personally identifiable information with any third parties. We may however share de-identified, aggregated or anonymous information that cannot identify you with third parties.
Links to Other Sites
Information provided to third parties
We have established an EEA based Amazon Web Services presence for the processing of our UK or EEA based customers’ information. However, aspects of our services involve the transfer of personal information to servers located and operated within the United States (e.g. our marketing activities). By using and accessing our Website and services, residents and citizens of countries and jurisdictions outside of the United States acknowledge that their personal information will be transferred to, and processed on, servers located in the United States.
The United States has not been deemed by the European Commission, or the UK Department for Digital, Culture, Media & Sport as providing an adequate level of protection for personal information originating from, or relating to individuals residing in, the European Economic Area (EEA) or the UK. As such, where necessary, we will ensure appropriate safeguards are in place (including by entering into approved standard contractual clauses) to protect any such personal data. For more information about this, or to obtain a copy of the appropriate safeguards we have implemented, please contact us.
How do we protect customer information?
We use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login and related information.
What rights do you have in relation to our use of your personal information?
Your rights in relation to our use of your personal information vary depending on where you are based and the relevant data protection laws that apply.
European or UK residents.
If you are based in the EEA or the UK, then you have the following rights in relation to your personal information:
- The right of rectification: You have the right to have inaccurate personal information corrected.
- The right of erasure: You have the right to request that personal information we hold about you is deleted.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal information.
- The right of portability: You have the right to request that personal information processed by us by automated means is provided to you, or a third party, in a structured, commonly used, machine readable format.
Please note that the above rights are not absolute and there may be circumstances in which we can refuse to comply with a request to exercise them. To obtain more information regarding the above rights, or if you would like to exercise any of them, please contact our Customer Success team at firstname.lastname@example.org.
If you are unhappy with our response to a request relating to the above rights, or data processing generally we ask that you contact us first so that we may seek to resolve the issue. However, you have the right to make a complaint to a supervisory authority such as the Information Commissioner’s Office in the UK.
COPPA (Children’s Online Privacy Protection Act)
Shine the Light
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2017 will receive information regarding 2016 sharing activities).
To obtain this information from us, please send an email message to email@example.com with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested information to you at your email address in response. Not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing (if any) will be included in our response.
Do Not Track
At this time, the Website does not respond to “do not track” requests that may be available in your browser for letting websites know that you do not want them collecting certain types of information.
Questions and How to Contact Us
Ordway Labs, Inc.
1707 L Street NW, Suite 850
Washington, DC 20036
Last updated: May 21, 2021